Question description

1. Introduction

Identity and privilege management refers to the processes, technologies and policies for managing digital identities, controlling how such identities are used to access resources, and what level of access can be granted to certain individuals (Chong, 2004). Although in many aspects this process is considered a new term that is viewed differently by many people, individuals in the IT field have managed to turn its meaning into a useful tool that helps identify certain security and identity related issues they currently face. When addressing management and mitigation of insider threats, IT personnel must take into consideration two key concepts so as to properly help secure an organization's overall assets. The first, identity management, which controls and grants access, is usually completed through a sequence of authentication and authorization, with authentication being the process by which identity is verified, and authorization the process which determines if an identity is allowed to perform any actions or have privileges to certain resources (Chong, 2004). The second concept IT personnel must take into consideration is that of privilege management. According to Lieberman (2010), privilege management is the process of managing privileged identities, which allow certain individuals unrestricted access to view and change data, alter configuration settings, and run programs; they are often associated with those who maintain servers, network components, etc., and have special elevated passwords to perform such duties.

In this case study, we will identify and discuss a product that can be used to mitigate identity or privilege management with respect to its features and capabilities, and how such a product can be used by cybersecurity so as to help minimize organizational risk while addressing 5 pillars security issues.

Review, Features, Capabilities, & Deficiencies of the AIMS Suite

For this case study, my preferred IAM for this organization would be that of the Avatier Identity Management Software (AIMS) Suite. According to Gaehtgens, Iverson, & Krapes (2015), the Avatier Identity Management Software (AIMS) Suite is available modularly and includes several combinations of products such as Identity Enforcer, Password Station, Group Requester, Group Enforcer and Compliance Auditor. Several features of Avatier Identity Management Software are:
- Unified identity management architecture.
- Risk-aware user provisioning and access management.
- Business user IT governance and access certification audit controls.
- Comprehensive regulatory compliance management reporting.
- Robust configuration and integration with enterprise systems.
- Self-service identity management, service catalog, approval workflow management, and enterprise password management.

Although AIMS remains a key IAM player that is broadening its suite without losing focus on usability, fast time to value and ease of maintenance, two major downfalls to this software are the fact that its IGA channel network is still limited, and that it lags behind the average vendor in bringing IGA features to market (Gartner, 2015). However, I still believe that this product will serve valuable to this organization because its features and capabilities outweigh its scarcity and, if employed properly, it will be a good product for overall organizational protection.

Cybersecurity Objectives in Reducing Risk & Increasing Resistance

In discussing how the AIMS Suite can be used by this organization so as to help support cybersecurity objectives, this organization can utilize AIMS Suite Password Station as a measure to help develop strict password and account management policies and practices that can help prevent malicious insiders from compromising the organization's user accounts, because user account and password management policies and practices are critical to impeding an insider's ability to use the organization's systems for illegal purposes (Silowash et al., 2012). Another way the organization can use the AIMS Suite to help improve its cybersecurity objectives would be to utilize Group Enforcer and Compliance Auditor as means to enforce separation of duties and least privilege activities, because by doing so this organization can divide functions among multiple people so as to limit the possibility of one employee stealing information or committing a crime without the cooperation of another (Silowash et al., 2012).

Security Issues Associated with 5 Pillars Terms

When discussing issues associated with 5 pillars terminology, access control is one that comes to mind. Considering that many organization system administrators and privileged users have the technical ability to access systems because of their escalated password privileges, if organizations do not enforce that such users sign a privileged user agreement or rules of behavior, such users could use their authority to commit and conceal malicious activity (Silowash et al., 2012). Another issue associated with 5 pillars terminology is that of back doors. Considering that system administrators can create back door accounts as a means to conduct activities such as system troubleshooting, if the administrator is terminated and that account remains active, the administrator can still have access to organizational information and could exploit organizational trade secrets or other valuable information.

Conclusion

To conclude, identity and privilege management are the very processes by which an organization can help increase the protection of its intellectual property and prevent insider threats. By hiring the right people who can develop and enforce organizational policies, such policies can often be implemented by using technologies and products that can be deployed so as to help mitigate such risks and provide the relevant security that is beneficial to such organizations. And as for my client, I believe the Avatier Identity Management Software (AIMS) Suite will serve valuable to them because of the many features it offers and because of the amount of money the organization handles, which could be at risk without this product.

References:
Avatier. (2016). Identity governance and administration (IGA). Retrieved April 12, 2016, from http://www.avatier.com/products/identity-management/resources/identity-governance/
Chong, F. (2004). Identity and access management. Retrieved from https://msdn.microsoft.com/en-us/library/aa480030.aspx
Gaehtgens, F., Iverson, B., & Krapes, S. (2015). Magic Quadrant for identity governance and administration. Retrieved from http://www.federalnewsradio.com/wp-content/uploads/pdfs/051815_magic_quadrant_for_identity_governance_admin.pdf
Lieberman. (2010). Privileged identity management: an executive overview. Retrieved from http://www.ciosummits.com/media/pdf/solution_spotlight/Privileged_Identity_Management.pdf
Silowash, G., Cappelli, D., Moore, A., Trzeciak, R., Shimeall, T. J., & Flynn, L. (2012). Common sense guide to mitigating insider threats, 4th edition. CERT Program. Retrieved from http://resources.sei.cmu.edu/asset_files/TechnicalReport/2012_005_001_34033.pdf

2. An introduction to Identity & Privilege Management

Identity and Privilege Management is a set of processes which leverage tools to manage identity (system and user accounts) and entitlements across systems and the cloud for an organization. It incorporates provisioning, de-provisioning, entitlement governance, attestation, risk assessment, and segregation of duties (SOD) enforcement (Perkins, Gaehtgens, & Iverson, 2013). IAM tools often include account life cycle, access control, provisioning, request management and fulfillment, reporting and attestation, policy enforcement, role management, entitlements, and analytics (Perkins, Gaehtgens, & Iverson, 2013).

A review of the features, capabilities, and deficiencies for your selected vendor and product

Having experienced Beta Systems SAM Jupiter + Proginet SecurePass, Courion, and the Oracle "super suite" which includes OIA, OAM, OVD, OUD, OVD, OIF, and OIG (Oracle), Gartner's 2013 assessment of each vendor/product is very accurate. Oracle ranked near the top with SailPoint appearing to be at the top. Oracle has made a habit of buying companies or IP from companies to build up their OIG platform. In doing so, some of it is a kludge, making it complex and complicated when the entire suite is deployed.

Overall, at least on paper, Oracle appears to have all of the check boxes checked. There is a very long list of "O-something" products: Oracle Access Manager (OAM), Oracle Identity Federation (OIF), Oracle Entitlements Server (OES), Oracle Unified Directory (OUD), Oracle Virtual Directory (OVD), Oracle Identity Manager (OIM), Oracle Identity Analytics (OIA), which all wrap up into the new Oracle Identity Governance (OIG). Combined, these platforms create capabilities to support Access Management, Identity Governance, and Directory Services (Oracle). To Oracle's credit, OIG is one of the most popular IAM products in the world.

OUD is an incredibly complex product. Parts of the Directory are stored on separate servers, and then all replicated to multiple servers. The design was to provide strong High Availability (HA) and Fault Tolerance (FT) capabilities, but in doing so, at the expense of manageability and operations. The management tools to manage OUD are each digitally signed, and only manage a specific instance of the directory. There is a web management interface that is also difficult and cumbersome. The Oracle suite has a very large footprint and requires many servers and teams to manage it. It is designed for very large organizations and really has no offering for small and midsized organizations. The costs are also very high, making it cost prohibitive for small or midsized organizations to leverage it. OIG significantly lags behind the innovators in the Cloud (Perkins, Gaehtgens, & Iverson, 2013) (Oracle).

Reducing risk, increasing resistance to threats/attacks, decreasing vulnerabilities, etc.

Depending on size and scale, small to midsized organizations are generally able to invest in experienced staff members with strong IAM/Directory Services experience to manually, or more preferably with automation and strong policies and procedures, develop a very stable and efficient IAM solution. Active Directory provides a very solid Directory Services infrastructure for both Authorization and Authentication that offers many APIs and 3P vendor integrations for scripting, management, and reporting. Deploying a large scale IAM/IGA solution designed for very large organizations would have almost no ROI for a small organization; in fact it would likely provide a large negative return. The solution would require a large amount of hardware and staff resources to maintain it correctly. One could argue the platform would actually increase risk and an organization's attack surface, and would certainly add to vulnerabilities instead of reducing them.

Strong processes, automated procedures, and reporting, in addition to a governance board, could define standards and policies around least privilege and separation of duties. This reporting will provide snapshots and data integrity capabilities. If a product is truly required to manage a few hundred users, something along the lines of Microsoft Identity Manager may be more appropriate (Microsoft). Another option could be to look into using a Cloud based IDaaS (Identity as a Service) provider like Okta or Microsoft Azure (Okta). Depending on the data sensitivity, the applications, and the work load, that may be another viable option. Most of the advanced features found in IAM/IGA on-prem products are included in the offerings; it is normally subscription based, so an organization only pays for what it needs and does not incur the costs of managing complicated and complex infrastructures, but still gets the features offered by those solutions.

Conclusion

Overall, selecting and deploying an IAM/IGA solution really depends on the size and scale of the environment. If there is a negative ROI forecasted to deploy the solution, it may not make sense. More consolidated solutions designed for small and midsized organizations may be more viable. Lastly, Cloud based IDaaS solutions may be very attractive for smaller organizations and startups that are able to deploy green field solutions with no technical debt or legacy dependencies.

References
Microsoft. (n.d.). Microsoft Identity Manager. Retrieved April 13, 2016, from Microsoft: https://www.microsoft.com/en-us/server-cloud/products/microsoft-identity-manager/
Okta. (n.d.). HR-Driven IT Provisioning. Retrieved April 13, 2016, from Okta: https://www.okta.com/solutions/hr-driven-it-provisioning/
Oracle. (n.d.). Oracle Identity Management. Retrieved April 13, 2016, from Oracle: http://www.oracle.com/technetwork/middleware/id-mgmt/overview/index.html
Oracle. (n.d.). Oracle Identity Management – Securing the New Digital Experience. Retrieved April 13, 2016, from Oracle: http://www.oracle.com/us/products/middleware/identity-management/overview/index.html
Perkins, E., Gaehtgens, F., & Iverson, B. (2013, December 30). Magic Quadrant for Identity Governance and Administration. Retrieved April 13, 2016, from Gartner: http://innetworktech.com/wp-content/uploads/2014/01/Magic-Quadrant-for-Identity-Governance-and-Administration.pdf
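As an added example (not code from either essay above, nor from Avatier, Oracle or Microsoft), the following Python script implements the automated checks both posts argue for: the separation-of-duties and least-privilege enforcement the first post assigns to Group Enforcer and Compliance Auditor, the terminated-administrator "back door" account it warns about, and the periodic snapshot reporting the second post expects from scripting over a directory. The SoD rules, privileged group names, identity records and snapshot date are constructed sample data; in a real deployment they would come from a directory export and the HR feed.

```python
from dataclasses import dataclass, field
from datetime import date

@dataclass
class Account:
    name: str
    owner_status: str     # "active" or "terminated", as fed from HR
    groups: set = field(default_factory=set)
    last_logon: date = None   # None means the account has never logged on

# Constructed policy data (not from any real directory): SoD rules are pairs of
# groups no single identity may hold together; PRIVILEGED lists admin groups.
SOD_RULES = [("Payments-Initiator", "Payments-Approver"),
             ("AD-Admins", "Audit-Log-Readers")]
PRIVILEGED = {"AD-Admins", "Server-Admins"}
AS_OF = date(2016, 4, 13)   # constructed snapshot date

def sod_violations(accounts):
    """(account, rule) pairs where one identity holds both sides of a rule."""
    return [(a.name, rule) for a in accounts
            for rule in SOD_RULES if set(rule) <= a.groups]

def orphaned_privileged(accounts):
    """Privileged accounts whose HR owner is terminated (the 'back door' case)."""
    return [a.name for a in accounts
            if a.owner_status == "terminated" and a.groups & PRIVILEGED]

def dormant_privileged(accounts, as_of, max_idle_days=90):
    """Privileged accounts idle longer than max_idle_days: least-privilege cleanup candidates."""
    return [a.name for a in accounts if a.groups & PRIVILEGED and
            (a.last_logon is None or (as_of - a.last_logon).days > max_idle_days)]

def report(accounts, as_of):
    """One snapshot of all three checks, in the form a governance board reviews."""
    return {"sod": sod_violations(accounts),
            "orphaned": orphaned_privileged(accounts),
            "dormant": dormant_privileged(accounts, as_of)}

# Constructed sample identities: "bob" breaks an SoD rule, "carol-adm" is a
# terminated admin left enabled, "svc-backup" is a privileged account nobody uses.
SAMPLE = [
    Account("alice", "active", {"Payments-Initiator"}, date(2016, 4, 12)),
    Account("bob", "active", {"Payments-Initiator", "Payments-Approver"}, date(2016, 4, 11)),
    Account("carol-adm", "terminated", {"AD-Admins"}, date(2016, 4, 1)),
    Account("svc-backup", "active", {"Server-Admins"}, date(2016, 1, 2)),
]

if __name__ == "__main__":
    print(report(SAMPLE, AS_OF))
```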
